Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clam 571 sigtool vba extraction improvements #852

Merged
merged 1 commit into from Mar 30, 2023
Merged

Clam 571 sigtool vba extraction improvements #852

merged 1 commit into from Mar 30, 2023

Conversation

ragusaa
Copy link
Contributor

@ragusaa ragusaa commented Mar 6, 2023
edited by micahsnyder

This PR deduplicates some vba extraction logic so sigtool works the same way libclamav does, and so it can extract more things.

@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch 9 times, most recently from e372a80 to 06cdd46 Compare March 10, 2023 22:37
@micahsnyder micahsnyder changed the title Clam 571 this probably wont work Clam 571 sigtool vba extraction improvements Mar 20, 2023
@micahsnyder
Copy link
Contributor

In testing I tried using the --vba-hex=FILE option and it failed:


❯ ./install/bin/sigtool --vba-hex=$HOME/Downloads/1b96c0ad7ce83a573ec7770435655fa2c82c42ea43bd012dd0b64444941c9432
scanfile: Invalid args.

@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch from c000ec8 to aed8895 Compare March 21, 2023 15:58
@ragusaa
Copy link
Contributor Author

ragusaa commented Mar 21, 2023

Good catch, just pushed an update

@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch 2 times, most recently from 070fabc to 67ddb36 Compare March 22, 2023 19:32
micahsnyder
micahsnyder requested changes Mar 22, 2023
View reviewed changes
common/optparser.c Show resolved Hide resolved
sigtool/sigtool.c Outdated Show resolved Hide resolved
sigtool/sigtool.c Outdated Show resolved Hide resolved
sigtool/sigtool.c Outdated Show resolved Hide resolved
sigtool/sigtool.c Outdated Show resolved Hide resolved
sigtool/sigtool.c Outdated Show resolved Hide resolved
@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch from 32b4737 to 5801dfb Compare March 23, 2023 18:03
micahsnyder
micahsnyder requested changes Mar 23, 2023
View reviewed changes
libclamav/clamav.h Outdated Show resolved Hide resolved
libclamav/clamav.h Outdated Show resolved Hide resolved
libclamav/others.h Outdated Show resolved Hide resolved
@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch from 258ac87 to 49592f1 Compare March 28, 2023 04:23
@micahsnyder micahsnyder mentioned this pull request Mar 28, 2023
Merged
@ragusaa ragusaa force-pushed the CLAM-571-ThisProbablyWontWork branch 4 times, most recently from 9314e36 to f4c21fb Compare March 29, 2023 23:17
@micahsnyder micahsnyder force-pushed the CLAM-571-ThisProbablyWontWork branch 2 times, most recently from 53db585 to d6796d0 Compare March 30, 2023 04:25
@ragusaa @micahsnyder
Sigtool: Add vba macro support for OOXML files
4747786 
Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback
function and add clcb_generic_data handler prototype to the clamav.h
public API.

The cb_vba callback function will be run whenever VBA is extracted from
office documents. The provided data will be a normalized copy of the
original VBA. This callback is added to support Sigtool so it can use
the same VBA extraction logic as when scanning documents.

Change the Sigtool temp directory creation for any commands that use
temp directories so that you can select a custom temp directory with the
`--tempdir=PATH` option, and can retain the temp files with the
`--leave-temps` option.

Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output.
Added `--tempdir` and `--leave-temps` to the Sigtool manpage.
@micahsnyder micahsnyder force-pushed the CLAM-571-ThisProbablyWontWork branch from d6796d0 to 4747786 Compare March 30, 2023 04:29
@micahsnyder micahsnyder merged commit f683571 into Cisco-Talos:main Mar 30, 2023
19 of 24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micahsnyder micahsnyder micahsnyder approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ragusaa @micahsnyder